WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#42396 closed defect (bug) (invalid)

question about wp_kses - is that correct?

Reported by: tazotodua Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

wp-includes\kses.php, there is:

function wp_kses_split( $string, $allowed_html, $allowed_protocols ) {
	global $pass_allowed_html, $pass_allowed_protocols;
	$pass_allowed_html = $allowed_html;
	$pass_allowed_protocols = $allowed_protocols;
	return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string );
}

before the return, there are variables, which are not used anywhere inside that function, is that correct?

Change History (3)

#1 @tazotodua
4 years ago

also, my another question, i see some strange cycle:

wp_kses calls wp_kses_split

function wp_kses(
    ....
    return wp_kses_split(.....)
)


wp_kses_split itself, calls _wp_kses_split_callback

function wp_kses_split( $string, $allowed_html, $allowed_protocols ) {
        .......
	return preg_replace_callback(..........., '_wp_kses_split_callback', .......);
}

_wp_kses_split_callback calls wp_kses_split2

function _wp_kses_split_callback( $match ) {
	........
	return wp_kses_split2(......);
}

wp_kses_split2 calls wp_kses again...

function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
     .......
       while ( $string != ($newstring = wp_kses(..........)) )
     .....
}

doesnt that make an infinite loop?

Last edited 4 years ago by tazotodua (previous) (diff)

#2 @swissspidy
4 years ago

  • Keywords close added

before the return, there are variables, which are not used anywhere inside that function, is that correct?

No.

global $pass_allowed_html, $pass_allowed_protocols;
$pass_allowed_html = $allowed_html;
$pass_allowed_protocols = $allowed_protocols;

This means the two global variables are overridden by the function arguments. _wp_kses_split_callback uses these globals after that.

doesn't that make an infinite loop?

No. wp_kses() might get called multiple times, that's called recursion. That doesn't automatically make it an infinite loop though.

#3 @johnbillion
4 years ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.